Bug#452789: xxd segfaults with large values for -c
Bram Moolenaar
Bram at moolenaar.net
Tue Nov 27 21:26:31 UTC 2007
James -
> Large values for the -c option (approximately 100 or greater) cause xxd
> to segfault. Where the segfault occurs seems to vary based on how large the
> columns option is.
>
> I get this traceback when running "xxd -b -c 100 /usr/bin/xxd".
>
> Program terminated with signal 11, Segmentation fault.
> #0 0xb7e6ce0d in getc () from /lib/i686/cmov/libc.so.6
> (gdb) bt full
> #0 0xb7e4ce0d in getc () from /lib/i686/cmov/libc.so.6
> No symbol table info available.
> #1 0x0804a0a2 in main (argc=2, argv=0xbfb6e3c0) at xxd.c:731
> fp = (FILE *) 0x2e04c008
> fpo = (FILE *) 0xb7f344e0
> c = 16
> e = 127
> p = 1
> relseek = 1
> negseek = 0
> revert = 0
> cols = 100
> nonzero = 1
> autoskip = 0
> hextype = 3
> ebcdic = 0
> octspergrp = 1
> grplen = 9
> length = -1
> n = 1
> seekoff = 0
> l = "0000000: 01111111", ' ' <repeats 889 times>
> pname = 0xbfb6f984 "xxd"
> pp = 0xbfb6f992 "/usr/bin/xxd"
> #2 0xb7e01450 in __libc_start_main () from /lib/i686/cmov/libc.so.6
> No symbol table info available.
> #3 0x08048851 in _start ()
> No symbol table info available.
>
> Yet when running "xxd -b -c 1000 /usr/bin/xxd" I get the following.
>
> Program terminated with signal 11, Segmentation fault.
> #0 0x08049feb in main (argc=2, argv=0xbfc6acb0) at xxd.c:753
> 753 l[11 + (grplen * cols - 1)/octspergrp + p] =
> (gdb) bt full
> #0 0x08049feb in main (argc=2, argv=0xbfc6acb0) at xxd.c:753
> fp = (FILE *) 0x804c008
> fpo = (FILE *) 0xb7f354e0
> c = 16
> e = 127
> p = 0
> relseek = 1
> negseek = 0
> revert = 0
> cols = 1000
> nonzero = 0
> autoskip = 0
> hextype = 3
> ebcdic = 0
> octspergrp = 1
> grplen = 9
> length = -1
> n = 0
> seekoff = 0
> l = "0000000: 01111111", ' ' <repeats 889 times>
> pname = 0xbfc6b983 "xxd"
> pp = 0xbfc6b992 "/usr/bin/xxd"
> #1 0xb7e02450 in __libc_start_main () from /lib/i686/cmov/libc.so.6
> No symbol table info available.
> #2 0x08048851 in _start ()
> No symbol table info available.
>
> The above tracebacks were generated after building xxd with no
> optimizations.
I'm not the maintainer of xxd, but since it's included with Vim I tried
fixing it anyway. Please try the patch below and check that it fixes
the problem for you.
- Bram
*** ../vim-7.1.162/src/xxd/xxd.c Thu May 10 19:07:42 2007
--- src/xxd/xxd.c Tue Nov 27 22:20:19 2007
***************
*** 212,218 ****
#define TRY_SEEK /* attempt to use lseek, or skip forward by reading */
#define COLS 256 /* change here, if you ever need more columns */
! #define LLEN (9 + (5*COLS-1)/2 + 2 + COLS)
char hexxa[] = "0123456789abcdef0123456789ABCDEF", *hexx = hexxa;
--- 212,218 ----
#define TRY_SEEK /* attempt to use lseek, or skip forward by reading */
#define COLS 256 /* change here, if you ever need more columns */
! #define LLEN (9 + (9*COLS-1)/2 + 2 + COLS)
char hexxa[] = "0123456789abcdef0123456789ABCDEF", *hexx = hexxa;
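Review bot: the new LLEN keeps the `/2` in `(9*COLS-1)/2`, which still undersizes the line buffer for bits mode. The tracebacks above show -b running with grplen = 9 and octspergrp = 1, and the store at xxd.c:753 indexes `l[11 + (grplen * cols - 1)/octspergrp + p]`. With cols = 256, which the column check in the next hunk accepts for HEX_BITS, that index is 11 + 2303 = 2314 even with p = 0, while the patched LLEN evaluates to 9 + 1151 + 2 + 256 = 1418. The reported -c 100 case fits (index 910 and up against the old LLEN of 906), but bits mode with larger column counts up to COLS would still write past the end. Suggest sizing for one octet per group, for example `#define LLEN (9 + (9*COLS-1) + 2 + COLS)`, or lowering the permitted maximum for bits mode to what the buffer can hold.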
***************
*** 590,596 ****
default: octspergrp = 0; break;
}
! if (cols < 1 || (!hextype && (cols > COLS)))
{
fprintf(stderr, "%s: invalid number of columns (max. %d).\n", pname, COLS);
exit(1);
--- 590,597 ----
default: octspergrp = 0; break;
}
! if (cols < 1 || ((hextype == HEX_NORMAL || hextype == HEX_BITS)
! && (cols > COLS)))
{
fprintf(stderr, "%s: invalid number of columns (max. %d).\n", pname, COLS);
exit(1);
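Review bot: the bound in `(hextype == HEX_NORMAL || hextype == HEX_BITS) && (cols > COLS)` is written as a list of modes that get checked, so any hextype not named here still accepts an arbitrary cols value. That is the same shape as the old `!hextype` test, which is how bits mode slipped through. Suggest inverting it: reject cols > COLS by default and exempt only the modes known not to write per-column data into the fixed `l` buffer, with a comment saying why they are exempt. Also worth confirming that the maximum printed in the error message (COLS) is actually safe for every checked mode given the LLEN definition in the first hunk.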
--
Although the scythe isn't pre-eminent among the weapons of war, anyone who
has been on the wrong end of, say, a peasants' revolt will know that in
skilled hands it is fearsome.
-- (Terry Pratchett, Mort)
/// Bram Moolenaar -- Bram at Moolenaar.net -- http://www.Moolenaar.net \\\
/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\ download, build and distribute -- http://www.A-A-P.org ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///